Colby Moore, a researcher from cyber security firm Synack, has taught the attendees of Black Hat Conf. something that can help an expert to own your cellphones, cars and factories. Using cheap hardware, Moore demonstrated successful satellite hack by intercepting and decoding the unencrypted signals.
We all know that GPS trackers send signals to satellites and they send it back to base stations on Earth. The Globalstar GPS satellite network, the company that calls itself the “world’s most modern satellite network”, covers most of the Earth. And, you’ll be surprised to know that it doesn’t guard its GPS satellites properly. There are no layers of encryption and safety to confirm that the data is only shared between the two desired ends.Colby Moore, a researcher from cyber security firm Synack said that each year at Black Hat, someone demonstrates a satellite hack- but all of them are theoretical. So, he thought, why not try something new. At this year’s Black Hat conf., without any high-level theoretical presentation, he went on to demonstrate the satellite hack step by step. Moore targeted Gobalstar as he already uses a Globalstar SPOT for emergency signalling. Makes perfect sense, right?
To reverse-engineer the device, he did some simple research. He found that device’s registration with the FCC has lots of useful data for this GPS satellite hack. After detailing the protocol, Moore made a simple device that costs less than $1,000 to capture and decode the signals from Globalstar GPS trackers.
Moore’s Box has the ability to catch the satellite’s traffic and decode it. But, to the satellite hack of GPS tracker in real time, it will need more computing power. Talking about the idea of injecting a packet, he called it illegal as it could interfere with the critical functions and communications. He said that the actual control of satellite doesn’t use this protocol, hence people should stop worrying about moving the satellite back and forth.
You can see picture of Moore with his satellite hack box below:
PCMag writes that looking at the device’s firmware, Moore spotted a debugging console that had the ability to change device’s unique ID to that of another device. So, you can steal a car, copy and disable its tracker and make it look like as if that car is still travelling. It could also be used to spoof emergency alerts, know where someone’s hiding, or take competitive advantage by tracking your business rival’s activities.
Moore reported the problem to Globalstar about 180 days ago, but he didn’t get a proper response. They later issued a statement repeating that they “take privacy seriously.” However, Globalstar can’t really do anything as it’s nearly impossible to upgrade about 649,000 Globalstar devices around the globe.
No comments:
Post a Comment